From: Matthieu Patou Date: Sun, 25 Jul 2010 23:01:03 +0000 (+0400) Subject: s4 torture: add new rpc torture tests for backup key remote protocol X-Git-Url: http://git.samba.org/?p=mat%2Fsamba.git;a=commitdiff_plain;h=refs%2Fheads%2Fbackupkey_heimdal_recent s4 torture: add new rpc torture tests for backup key remote protocol --- diff --git a/source4/torture/rpc/backupkey.c b/source4/torture/rpc/backupkey.c new file mode 100644 index 0000000000..337548e269 --- /dev/null +++ b/source4/torture/rpc/backupkey.c @@ -0,0 +1,1744 @@ +/* + Unix SMB/CIFS implementation. + test suite for backupkey remote protocol rpc operations + + Copyright (C) Matthieu Patou 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "hx_locl.h" +#include "auth/auth.h" +#include "lib/cmdline/popt_common.h" +#include "auth/gensec/gensec.h" +#include "libcli/auth/libcli_auth.h" +#include "librpc/gen_ndr/ndr_backupkey_c.h" +#include "librpc/gen_ndr/backupkey.h" +#include "librpc/gen_ndr/ndr_backupkey.h" +#include "librpc/gen_ndr/ndr_security.h" +#include "libcli/security/security.h" +#include "torture/rpc/torture_rpc.h" +#include "param/param.h" +#include "librpc/gen_ndr/ndr_lsa_c.h" + +/* Our very special and valued secret */ +static char secret[] = "tata yoyo mais qu'est ce qu'il y a sous ton grand chapeau ?"; + +# if 0 +static void print_hex(uint8_t *tab, uint32_t size) { + uint32_t i; + for (i=0; ibinding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ret; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + ret = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + //torture_comment(tctx, "No seal or sign ? %d\n", p->conn->security_state.auth_info == NULL); + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + torture_assert_werr_equal(tctx, r.out.result, WERR_OK, "Wrong dce/rpc error code"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static struct dom_sid *get_user_sid(struct torture_context *tctx, struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char* user) { + struct lsa_ObjectAttribute attr; + struct lsa_QosInfo qos; + struct lsa_OpenPolicy2 r; + struct lsa_Close c; + NTSTATUS status; + struct policy_handle handle; + struct lsa_LookupNames l; + struct lsa_TransSidArray sids; + struct lsa_RefDomainList *domains = NULL; + struct lsa_String lsa_name; + uint32_t count = 0; + struct dom_sid *result; + TALLOC_CTX *tmp_ctx; + struct dcerpc_pipe *p2; + struct dcerpc_binding_handle *b; + + const char* domain = cli_credentials_get_domain(cmdline_credentials); + + torture_assert_ntstatus_ok(tctx, + torture_rpc_connection(tctx, &p2, &ndr_table_lsarpc), + "could not open lsarpc pipe"); + b = p2->binding_handle; + + if (!(tmp_ctx = talloc_new(mem_ctx))) { + return NULL; + } + qos.len = 0; + qos.impersonation_level = 2; + qos.context_mode = 1; + qos.effective_only = 0; + + attr.len = 0; + attr.root_dir = NULL; + attr.object_name = NULL; + attr.attributes = 0; + attr.sec_desc = NULL; + attr.sec_qos = &qos; + + r.in.system_name = "\\"; + r.in.attr = &attr; + r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r.out.handle = &handle; + + status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + torture_comment(tctx, "OpenPolicy2 failed - %s\n", nt_errstr(status)); + talloc_free(tmp_ctx); + return NULL; + } + if (!NT_STATUS_IS_OK(r.out.result)) { + torture_comment(tctx, "OpenPolicy2_ failed - %s\n", nt_errstr(r.out.result)); + talloc_free(tmp_ctx); + return NULL; + } + + sids.count = 0; + sids.sids = NULL; + + lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, user); + + l.in.handle = &handle; + l.in.num_names = 1; + l.in.names = &lsa_name; + l.in.sids = &sids; + l.in.level = 1; + l.in.count = &count; + l.out.count = &count; + l.out.sids = &sids; + l.out.domains = &domains; + + status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l); + if (!NT_STATUS_IS_OK(status)) { + torture_comment(tctx, "LookupNames of %s failed - %s\n", lsa_name.string, + nt_errstr(status)); + talloc_free(tmp_ctx); + return NULL; + } + + if (domains->count == 0) { + return NULL; + } + + result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid, + l.out.sids->sids[0].rid); + c.in.handle = &handle; + c.out.handle = &handle; + + status = dcerpc_lsa_Close_r(b, tmp_ctx, &c); + if (!NT_STATUS_IS_OK(status)) { + torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(status)); + talloc_free(tmp_ctx); + return NULL; + } + if (!NT_STATUS_IS_OK(c.out.result)) { + torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(c.out.result)); + talloc_free(tmp_ctx); + return NULL; + } + + talloc_free(tmp_ctx); + talloc_free(p2); + + torture_comment(tctx, "GET user finished\n"); + return result; +} + +static DATA_BLOB* create_unencryptedsecret(TALLOC_CTX *mem_ctx, bool broken, int version) { + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB); + if (version == 2) { + struct bkrp_encrypted_secret_v2 unenc_sec; + uint32_t key_size = 32; + uint8_t *tab = talloc_array(tmp_ctx, uint8_t, key_size); + + unenc_sec.secret_len = strlen(secret)+1; + unenc_sec.secret = (uint8_t*)secret; + unenc_sec.secret = talloc_array(tmp_ctx, uint8_t, sizeof(secret)); + + memcpy(unenc_sec.secret, secret, sizeof(secret)); + + generate_random_buffer(tab, key_size); + memcpy(unenc_sec.payload_key, tab, key_size); + + ndr_push_struct_blob(blob, mem_ctx, &unenc_sec, (ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v2); + if (broken) { + /* We broke the magic value to check server behavior */ + /* Was 0x20 */ + ((uint8_t*)blob->data)[4] = 19; /* A great year !!! */ + } + } + if (version ==3) { + struct bkrp_encrypted_secret_v3 unenc_sec; + uint32_t key_size = 48; + uint8_t *tab = talloc_array(tmp_ctx, uint8_t, key_size); + + unenc_sec.secret_len = strlen(secret)+1; + unenc_sec.secret = (uint8_t*)secret; + unenc_sec.secret = talloc_array(tmp_ctx, uint8_t, sizeof(secret)); + + memcpy(unenc_sec.secret, secret, sizeof(secret)); + + generate_random_buffer(tab, key_size); + memcpy(unenc_sec.payload_key, tab, key_size); + + ndr_push_struct_blob(blob, mem_ctx, &unenc_sec, (ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v3); + if (broken) { + /* We broke the magic value to check server behavior */ + /* Was 0x30 */ + ((uint8_t*)blob->data)[4] = 19; /* A great year !!! */ + } + } + talloc_free(tmp_ctx); + return blob; +} + +static DATA_BLOB* create_access_check(struct torture_context *tctx, struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char* user, bool broken, uint32_t version) { + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB); + if (version == 2) { + struct bkrp_access_check_v2 access_struct; + uint32_t len = 32; + uint32_t hash_size = 20; + struct sha sctx; + DATA_BLOB buf; + struct dom_sid* sid = get_user_sid(tctx, p, tmp_ctx, user); + + if (sid == NULL) { + return NULL; + } + + buf.data = talloc_array(tmp_ctx, uint8_t, len); + buf.length = len; + + generate_random_buffer(buf.data, len); + access_struct.nonce_len = buf.length; + access_struct.nonce = buf.data; + access_struct.sid = *sid; + ZERO_STRUCT(access_struct.hash); + ndr_push_struct_blob(blob, mem_ctx, &access_struct, (ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v2); + /*We pushed the whole structure including a null hash + * but the hash need to be calculated only up to the hash field + * so we reduce the size of what has to be calculated + */ + SHA1_Init(&sctx); + SHA1_Update(&sctx, blob->data, blob->length - hash_size); + SHA1_Final(blob->data+blob->length - hash_size, &sctx); + /* Altering the SHA */ + if (broken) { + blob->data[blob->length -1]++; + } + } + if (version == 3) { + struct bkrp_access_check_v3 access_struct; + uint32_t len = 32; + uint32_t hash_size = 64; + struct hc_sha512state sctx; + DATA_BLOB buf; + struct dom_sid* sid = get_user_sid(tctx, p, tmp_ctx, user); + + if (sid == NULL) { + return NULL; + } + + buf.data = talloc_array(tmp_ctx, uint8_t, len); + buf.length = len; + + generate_random_buffer(buf.data, len); + access_struct.nonce_len = buf.length; + access_struct.nonce = buf.data; + access_struct.sid = *sid; + ZERO_STRUCT(access_struct.hash); + ndr_push_struct_blob(blob, mem_ctx, &access_struct, (ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v3); + /*We pushed the whole structure including a null hash + * but the hash need to be calculated only up to the hash field + * so we reduce the size of what has to be calculated + */ + /* + SHA1_Init(&sctx); + SHA1_Update(&sctx, blob->data, blob->length - hash_size); + SHA1_Final(blob->data+blob->length - hash_size, &sctx); + */ + + SHA512_Init(&sctx); + SHA512_Update(&sctx, blob->data, blob->length - hash_size); + SHA512_Final(blob->data+blob->length - hash_size, &sctx); + + /* Altering the SHA */ + if (broken) { + blob->data[blob->length -1]++; + } + } + talloc_free(tmp_ctx); + return blob; +} + +static DATA_BLOB* encrypt_blob_aes(struct torture_context *tctx, TALLOC_CTX *mem_ctx, DATA_BLOB *aes_key, DATA_BLOB *iv, DATA_BLOB *to_encrypt) { + hx509_crypto crypto; + hx509_context hctx; + heim_octet_string ivos; + heim_octet_string *encrypted; + DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB); + int res; + const AlgorithmIdentifier *alg = hx509_crypto_aes256_cbc(); + + ivos.data = talloc_array(mem_ctx, uint8_t, iv->length); + ivos.length = iv->length; + memcpy(ivos.data, iv->data, iv->length); + + hx509_context_init(&hctx); + res = hx509_crypto_init(hctx, NULL, &(alg->algorithm), &crypto); + if (res) { + torture_comment(tctx, "error while doing the init of the crypto obj\n"); + return NULL; + } + res = hx509_crypto_set_key_data(crypto, aes_key->data, aes_key->length); + if (res) { + torture_comment(tctx, "error while setting the key of the crypto object\n"); + return NULL; + } + hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE); + res = hx509_crypto_encrypt(crypto, + to_encrypt->data, + to_encrypt->length, + &ivos, + &encrypted); + if (res) { + torture_comment(tctx, "error while encrypting\n"); + return NULL; + } + + blob->data = talloc_memdup(blob, encrypted->data, encrypted->length); + blob->length = encrypted->length; + hx509_crypto_destroy(crypto); + hx509_context_free(&hctx); + return blob; + +} + +static DATA_BLOB* encrypt_blob_3des(struct torture_context *tctx, TALLOC_CTX *mem_ctx, DATA_BLOB *des3_key, DATA_BLOB *iv, DATA_BLOB *to_encrypt) { + hx509_crypto crypto; + hx509_context hctx; + heim_octet_string ivos; + heim_octet_string *encrypted; + DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB); + int res; + const AlgorithmIdentifier *alg2 = hx509_crypto_des_rsdi_ede3_cbc(); + + ivos.data = talloc_array(mem_ctx, uint8_t, iv->length); + ivos.length = iv->length; + memcpy(ivos.data, iv->data, iv->length); + + hx509_context_init(&hctx); + res = hx509_crypto_init(hctx, NULL, &(alg2->algorithm), &crypto); + if (res) { + torture_comment(tctx, "error while doing the init of the crypto obj\n"); + return NULL; + } + res = hx509_crypto_set_key_data(crypto, des3_key->data, des3_key->length); + if (res) { + torture_comment(tctx, "error while setting the key of the crypto object\n"); + return NULL; + } + hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE); + res = hx509_crypto_encrypt(crypto, + to_encrypt->data, + to_encrypt->length, + &ivos, + &encrypted); + if (res) { + torture_comment(tctx, "error while encrypting\n"); + return NULL; + } + + blob->data = talloc_memdup(blob, encrypted->data, encrypted->length); + blob->length = encrypted->length; + hx509_crypto_destroy(crypto); + hx509_context_free(&hctx); + return blob; +} + +static struct GUID* get_cert_guid(struct torture_context *tctx, TALLOC_CTX *mem_ctx, uint8_t *cert_data, uint32_t cert_len) { + hx509_context hctx; + hx509_cert cert; + heim_bit_string subjectuniqid; + DATA_BLOB data; + int hret; + uint32_t size; + struct GUID *guid = talloc(mem_ctx, struct GUID); + + hx509_context_init(&hctx); + + hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert); + if (hret) { + torture_comment(tctx, "error while loading the cert\n"); + return NULL; + } + hret = hx509_cert_get_issuer_unique_id(hctx, cert, &subjectuniqid); + if (hret) { + torture_comment(tctx, "error while getting the certificate\n"); + return NULL; + } + /* in bit string the real size has to be divided by 8*/ + size = subjectuniqid.length / 8; + data.data = talloc_memdup(mem_ctx,subjectuniqid.data, size); + data.length = size; + GUID_from_data_blob(&data, guid); + talloc_free(data.data); + return guid; +} + +static DATA_BLOB* encrypt_blob_pk(struct torture_context *tctx, TALLOC_CTX *mem_ctx, uint8_t *cert_data, uint32_t cert_len, DATA_BLOB *to_encrypt) { + hx509_context hctx; + hx509_cert cert; + heim_octet_string secretdata; + heim_octet_string encrypted; + heim_oid encryption_oid; + DATA_BLOB *blob; + int hret; + + hx509_context_init(&hctx); + + hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert); + if (hret) { + torture_comment(tctx, "error while loading the cert\n"); + return NULL; + } + + secretdata.data = to_encrypt->data; + secretdata.length = to_encrypt->length; + hret = _hx509_cert_public_encrypt(hctx, &secretdata, cert, &encryption_oid, &encrypted); + if (hret) { + torture_comment(tctx, "error while encrypting\n"); + return NULL; + } + + blob = talloc(mem_ctx, DATA_BLOB); + blob->data = talloc_memdup(blob, encrypted.data, encrypted.length); + blob->length = encrypted.length; + + hx509_cert_free(cert); + hx509_context_free(&hctx); + return blob; +} + +static bool test_RestoreGUID_ko(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + DATA_BLOB *xs; + DATA_BLOB *sec; + DATA_BLOB *enc_sec; + DATA_BLOB enc_sec_reverted; + DATA_BLOB *enc_xs; + DATA_BLOB des3_key; + DATA_BLOB iv; + DATA_BLOB blob2; + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + int t; + uint32_t size; + const char* user = cli_credentials_get_username(cmdline_credentials); + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + sec = create_unencryptedsecret(tctx, false, 2); + xs = create_access_check(tctx, p, tctx, user, false, 2); + if (xs == NULL) { + return false; + } + + enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec); + if (!enc_sec) { + return false; + } + /* + printf("Encrypted secret not encrypted\n"); + print_hex(sec->data, sec->length); + printf("Access check not encrypted\n"); + print_hex(xs->data, xs->length); + */ + enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length); + enc_sec_reverted.length = enc_sec->length; + + /* We DO NOT revert the array on purpose it's in order to check that + * when the server is not able to decrypt then it answer the correct error + */ + for(t=0; t< enc_sec->length; t++) { + //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1]; + enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t]; + } + + size = sec->length; + iv.data = sec->data+(size-8); + iv.length = 8; + + des3_key.data = sec->data+(size-32); + des3_key.length = 24; + + enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs); + if (!enc_xs) { + return false; + } + /* To cope with the fact that heimdal do padding at the end for the moment */ + enc_xs->length = xs->length; + + data.version = 2; + data.encrypted_secret_len = enc_sec->length; + data.access_check_len = enc_xs->length; + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = *guid; + data.encrypted_secret = enc_sec_reverted.data; + data.access_check = enc_xs->data; + ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = blob2.data; + r.in.data_in_len = blob2.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Wrong error code"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static bool test_RestoreGUID_wrongversion(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + DATA_BLOB *xs; + DATA_BLOB *sec; + DATA_BLOB *enc_sec; + DATA_BLOB enc_sec_reverted; + DATA_BLOB *enc_xs; + DATA_BLOB des3_key; + DATA_BLOB iv; + DATA_BLOB blob2; + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + int t; + uint32_t size; + + const char* user = cli_credentials_get_username(cmdline_credentials); + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + sec = create_unencryptedsecret(tctx, false, 2); + xs = create_access_check(tctx, p, tctx, user, false, 2); + if (xs == NULL) { + return false; + } + + enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec); + if (!enc_sec) { + return false; + } + /* + printf("Encrypted secret not encrypted\n"); + print_hex(sec->data, sec->length); + printf("Access check not encrypted\n"); + print_hex(xs->data, xs->length); + */ + enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length); + enc_sec_reverted.length = enc_sec->length; + + for(t=0; t< enc_sec->length; t++) { + enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1]; + //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t]; + } + + size = sec->length; + iv.data = sec->data+(size-8); + iv.length = 8; + + des3_key.data = sec->data+(size-32); + des3_key.length = 24; + + /* + printf("Triple des key\n"); + print_hex(des3_key.data, 24); + */ + enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs); + if (!enc_xs) { + return false; + } + /* To cope with the fact that heimdal do padding at the end for the moment */ + enc_xs->length = xs->length; + /* + printf("Access check redecrypted: %d\n", tmp.length); + print_hex(tmp.data, tmp.length); + */ + + data.version = 1; + data.encrypted_secret_len = enc_sec->length; + data.access_check_len = enc_xs->length; + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = *guid; + data.encrypted_secret = enc_sec_reverted.data; + data.access_check = enc_xs->data; + ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + /* + printf("Encrypted secret encrypted\n"); + print_hex(enc_sec->data, enc_sec->length); + printf("Access check encrypted\n"); + print_hex(enc_xs->data, enc_xs->length); + */ + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = blob2.data; + r.in.data_in_len = blob2.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "Wrong error code on wrong version"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static bool test_RestoreGUID_wronguser(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + //DEBUG(0, ("Is the stuff not encrypted ? %s \n", p->conn->security_state.auth_info == NULL?"yes":"no")); + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + DATA_BLOB *xs; + DATA_BLOB *sec; + DATA_BLOB *enc_sec; + DATA_BLOB enc_sec_reverted; + DATA_BLOB *enc_xs; + DATA_BLOB des3_key; + DATA_BLOB iv; + DATA_BLOB blob2; + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + int t; + uint32_t size; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + sec = create_unencryptedsecret(tctx, false, 2); + xs = create_access_check(tctx, p, tctx, "guest", false, 2); + if (xs == NULL) { + return false; + } + + enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec); + if (!enc_sec) { + return false; + } + /* + printf("Encrypted secret not encrypted\n"); + print_hex(sec->data, sec->length); + printf("Access check not encrypted\n"); + print_hex(xs->data, xs->length); + */ + enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length); + enc_sec_reverted.length = enc_sec->length; + + for(t=0; t< enc_sec->length; t++) { + enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1]; + //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t]; + } + + size = sec->length; + iv.data = sec->data+(size-8); + iv.length = 8; + + des3_key.data = sec->data+(size-32); + des3_key.length = 24; + + /* + printf("Triple des key\n"); + print_hex(des3_key.data, 24); + */ + enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs); + if (!enc_xs) { + return false; + } + /* To cope with the fact that heimdal do padding at the end for the moment */ + enc_xs->length = xs->length; + /* + printf("Access check redecrypted: %d\n", tmp.length); + print_hex(tmp.data, tmp.length); + */ + + data.version = 2; + data.encrypted_secret_len = enc_sec->length; + data.access_check_len = enc_xs->length; + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = *guid; + data.encrypted_secret = enc_sec_reverted.data; + data.access_check = enc_xs->data; + ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + /* + printf("Encrypted secret encrypted\n"); + print_hex(enc_sec->data, enc_sec->length); + printf("Access check encrypted\n"); + print_hex(enc_xs->data, enc_xs->length); + */ + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = blob2.data; + r.in.data_in_len = blob2.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_ACCESS, "Restore GUID"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static bool test_RestoreGUID_v3(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 3; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + DATA_BLOB *xs; + DATA_BLOB *sec; + DATA_BLOB *enc_sec; + DATA_BLOB enc_sec_reverted; + DATA_BLOB *enc_xs; + DATA_BLOB aes_key; + DATA_BLOB iv; + DATA_BLOB blob2; + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + int t; + uint32_t size; + const char* user = cli_credentials_get_username(cmdline_credentials); + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + sec = create_unencryptedsecret(tctx, false, 3); + xs = create_access_check(tctx, p, tctx, user, false, 3); + if (xs == NULL) { + return false; + } + + enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec); + if (!enc_sec) { + return false; + } + /* + printf("Encrypted secret not encrypted\n"); + print_hex(sec->data, sec->length); + printf("Access check not encrypted\n"); + print_hex(xs->data, xs->length); + printf("\n"); + for(t=0; tlength-64; t++) { + fprintf(stderr, "%c", xs->data[t]); + } + print_hex(xs->data, xs->length-64); + */ + + enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length); + enc_sec_reverted.length = enc_sec->length; + + for(t=0; t< enc_sec->length; t++) { + enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1]; + //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t]; + } + + size = sec->length; + iv.data = sec->data+(size-16); + iv.length = 16; + + aes_key.data = sec->data+(size-48); + aes_key.length = 32; + + /* + printf("Triple des key\n"); + print_hex(des3_key.data, 24); + */ + enc_xs = encrypt_blob_aes(tctx, tctx, &aes_key, &iv, xs); + if (!enc_xs) { + return false; + } + /* To cope with the fact that heimdal do padding at the end for the moment */ + enc_xs->length = xs->length; + /* + printf("Access check redecrypted: %d\n", tmp.length); + print_hex(tmp.data, tmp.length); + */ + + data.version = 3; + data.encrypted_secret_len = enc_sec->length; + data.access_check_len = enc_xs->length; + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = *guid; + data.encrypted_secret = enc_sec_reverted.data; + data.access_check = enc_xs->data; + ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = blob2.data; + r.in.data_in_len = blob2.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 1, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_OK, "Restore GUID"); + torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static bool test_RestoreGUID(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + DATA_BLOB *xs; + DATA_BLOB *sec; + DATA_BLOB *enc_sec; + DATA_BLOB enc_sec_reverted; + DATA_BLOB *enc_xs; + DATA_BLOB des3_key; + DATA_BLOB iv; + DATA_BLOB blob2; + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + int t; + uint32_t size; + const char* user = cli_credentials_get_username(cmdline_credentials); + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + sec = create_unencryptedsecret(tctx, false, 2); + xs = create_access_check(tctx, p, tctx, user, false, 2); + if (xs == NULL) { + return false; + } + + enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec); + if (!enc_sec) { + return false; + } + /* + printf("Encrypted secret not encrypted\n"); + print_hex(sec->data, sec->length); + printf("Access check not encrypted\n"); + print_hex(xs->data, xs->length); + */ + enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length); + enc_sec_reverted.length = enc_sec->length; + + for(t=0; t< enc_sec->length; t++) { + enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1]; + //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t]; + } + + size = sec->length; + iv.data = sec->data+(size-8); + iv.length = 8; + + des3_key.data = sec->data+(size-32); + des3_key.length = 24; + + /* + printf("Triple des key\n"); + print_hex(des3_key.data, 24); + */ + enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs); + if (!enc_xs) { + return false; + } + /* To cope with the fact that heimdal do padding at the end for the moment */ + enc_xs->length = xs->length; + /* + printf("Access check redecrypted: %d\n", tmp.length); + print_hex(tmp.data, tmp.length); + */ + + data.version = 2; + data.encrypted_secret_len = enc_sec->length; + data.access_check_len = enc_xs->length; + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = *guid; + data.encrypted_secret = enc_sec_reverted.data; + data.access_check = enc_xs->data; + ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = blob2.data; + r.in.data_in_len = blob2.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 1, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_OK, "Restore GUID"); + torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static bool test_RestoreGUID_badmagiconsecret(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + DATA_BLOB *xs; + DATA_BLOB *sec; + DATA_BLOB *enc_sec; + DATA_BLOB enc_sec_reverted; + DATA_BLOB *enc_xs; + DATA_BLOB des3_key; + DATA_BLOB iv; + DATA_BLOB blob2; + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + int t; + uint32_t size; + const char* user = cli_credentials_get_username(cmdline_credentials); + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + sec = create_unencryptedsecret(tctx, true, 2); + xs = create_access_check(tctx, p, tctx, user, false, 2); + if (xs == NULL) { + return false; + } + + enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec); + if (!enc_sec) { + return false; + } + /* + printf("Encrypted secret not encrypted\n"); + print_hex(sec->data, sec->length); + printf("Access check not encrypted\n"); + print_hex(xs->data, xs->length); + */ + enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length); + enc_sec_reverted.length = enc_sec->length; + + for(t=0; t< enc_sec->length; t++) { + enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1]; + //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t]; + } + + size = sec->length; + iv.data = sec->data+(size-8); + iv.length = 8; + + des3_key.data = sec->data+(size-32); + des3_key.length = 24; + + /* + printf("Triple des key\n"); + print_hex(des3_key.data, 24); + */ + enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs); + if (!enc_xs) { + return false; + } + /* To cope with the fact that heimdal do padding at the end for the moment */ + enc_xs->length = xs->length; + /* + printf("Access check redecrypted: %d\n", tmp.length); + print_hex(tmp.data, tmp.length); + */ + + data.version = 2; + data.encrypted_secret_len = enc_sec->length; + data.access_check_len = enc_xs->length; + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = *guid; + data.encrypted_secret = enc_sec_reverted.data; + data.access_check = enc_xs->data; + ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = blob2.data; + r.in.data_in_len = blob2.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Wrong error code while providing bad magic in secret"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static bool test_RestoreGUID_emptyrequest(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = *guid; + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = talloc(tctx, uint8_t); + r.in.data_in_len = 0; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "Bad error code on wrong has in access check"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static bool test_RestoreGUID_badcertguid(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + DATA_BLOB *xs; + DATA_BLOB *sec; + DATA_BLOB *enc_sec; + DATA_BLOB enc_sec_reverted; + DATA_BLOB *enc_xs; + DATA_BLOB des3_key; + DATA_BLOB iv; + DATA_BLOB blob2; + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + int t; + uint32_t size; + const char* user = cli_credentials_get_username(cmdline_credentials); + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + sec = create_unencryptedsecret(tctx, false, 2); + xs = create_access_check(tctx, p, tctx, user, false, 2); + if (xs == NULL) { + return false; + } + xs->data[0]++; + + enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec); + if (!enc_sec) { + return false; + } + /* + printf("Encrypted secret not encrypted\n"); + print_hex(sec->data, sec->length); + printf("Access check not encrypted\n"); + print_hex(xs->data, xs->length); + */ + enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length); + enc_sec_reverted.length = enc_sec->length; + + for(t=0; t< enc_sec->length; t++) { + enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1]; + //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t]; + } + + size = sec->length; + iv.data = sec->data+(size-8); + iv.length = 8; + + des3_key.data = sec->data+(size-32); + des3_key.length = 24; + + /* + printf("Triple des key\n"); + print_hex(des3_key.data, 24); + */ + enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs); + if (!enc_xs) { + return false; + } + /* To cope with the fact that heimdal do padding at the end for the moment */ + enc_xs->length = xs->length; + /* + printf("Access check redecrypted: %d\n", tmp.length); + print_hex(tmp.data, tmp.length); + */ + + data.version = 2; + data.encrypted_secret_len = enc_sec->length; + data.access_check_len = enc_xs->length; + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = GUID_random(); + data.encrypted_secret = enc_sec_reverted.data; + data.access_check = enc_xs->data; + ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = blob2.data; + r.in.data_in_len = blob2.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_FILE_NOT_FOUND, "Bad error code on wrong has in access check"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static bool test_RestoreGUID_badmagicaccesscheck(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + DATA_BLOB *xs; + DATA_BLOB *sec; + DATA_BLOB *enc_sec; + DATA_BLOB enc_sec_reverted; + DATA_BLOB *enc_xs; + DATA_BLOB des3_key; + DATA_BLOB iv; + DATA_BLOB blob2; + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + int t; + uint32_t size; + const char* user = cli_credentials_get_username(cmdline_credentials); + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + sec = create_unencryptedsecret(tctx, false, 2); + xs = create_access_check(tctx, p, tctx, user, false, 2); + if (xs == NULL) { + return false; + } + xs->data[0]++; + + enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec); + if (!enc_sec) { + return false; + } + /* + printf("Encrypted secret not encrypted\n"); + print_hex(sec->data, sec->length); + printf("Access check not encrypted\n"); + print_hex(xs->data, xs->length); + */ + enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length); + enc_sec_reverted.length = enc_sec->length; + + for(t=0; t< enc_sec->length; t++) { + enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1]; + //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t]; + } + + size = sec->length; + iv.data = sec->data+(size-8); + iv.length = 8; + + des3_key.data = sec->data+(size-32); + des3_key.length = 24; + + /* + printf("Triple des key\n"); + print_hex(des3_key.data, 24); + */ + enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs); + if (!enc_xs) { + return false; + } + /* To cope with the fact that heimdal do padding at the end for the moment */ + enc_xs->length = xs->length; + /* + printf("Access check redecrypted: %d\n", tmp.length); + print_hex(tmp.data, tmp.length); + */ + + data.version = 2; + data.encrypted_secret_len = enc_sec->length; + data.access_check_len = enc_xs->length; + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = *guid; + data.encrypted_secret = enc_sec_reverted.data; + data.access_check = enc_xs->data; + ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = blob2.data; + r.in.data_in_len = blob2.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +static bool test_RestoreGUID_badhashaccesscheck(struct torture_context *tctx, + struct dcerpc_pipe *p) { + struct dcerpc_binding_handle *b = p->binding_handle; + struct dcerpc_binding *binding = p->binding; + struct bkrp_BackupKey r; + struct bkrp_client_side_wrapped data; + struct GUID g; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + DATA_BLOB out_blob; + + binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO); + ZERO_STRUCT(r); + ZERO_STRUCT(data); + GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g); + r.in.guidActionAgent = &g; + data.version = 2; + data.encrypted_secret_len = 0; + data.access_check_len = 0; + ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + + r.in.data_in = blob.data; + r.in.data_in_len = blob.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + if( p->conn->security_state.auth_info != NULL && + p->conn->security_state.auth_info->auth_level == 6) { + + DATA_BLOB *xs; + DATA_BLOB *sec; + DATA_BLOB *enc_sec; + DATA_BLOB enc_sec_reverted; + DATA_BLOB *enc_xs; + DATA_BLOB des3_key; + DATA_BLOB iv; + DATA_BLOB blob2; + struct bkrp_client_side_unwrapped resp; + struct GUID * guid; + int t; + uint32_t size; + const char* user = cli_credentials_get_username(cmdline_credentials); + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + "Get GUID"); + + sec = create_unencryptedsecret(tctx, false, 2); + xs = create_access_check(tctx, p, tctx, user, true, 2); + if (xs == NULL) { + return false; + } + + enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec); + if (!enc_sec) { + return false; + } + /* + printf("Encrypted secret not encrypted\n"); + print_hex(sec->data, sec->length); + printf("Access check not encrypted\n"); + print_hex(xs->data, xs->length); + */ + enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length); + enc_sec_reverted.length = enc_sec->length; + + for(t=0; t< enc_sec->length; t++) { + enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1]; + //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t]; + } + + size = sec->length; + iv.data = sec->data+(size-8); + iv.length = 8; + + des3_key.data = sec->data+(size-32); + des3_key.length = 24; + + /* + printf("Triple des key\n"); + print_hex(des3_key.data, 24); + */ + enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs); + if (!enc_xs) { + return false; + } + /* To cope with the fact that heimdal do padding at the end for the moment */ + enc_xs->length = xs->length; + /* + printf("Access check redecrypted: %d\n", tmp.length); + print_hex(tmp.data, tmp.length); + */ + + data.version = 2; + data.encrypted_secret_len = enc_sec->length; + data.access_check_len = enc_xs->length; + guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length); + if (guid == NULL) { + return false; + } + data.guid = *guid; + data.encrypted_secret = enc_sec_reverted.data; + data.access_check = enc_xs->data; + ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped); + ZERO_STRUCT(r); + GUID_from_string(BACKUPKEY_RESTORE_GUID, &g); + r.in.guidActionAgent = &g; + r.in.data_in = blob2.data; + r.in.data_in_len = blob2.length; + r.in.param = 0; + r.out.data_out = &out_blob.data; + r.out.data_out_len = &out_blob.length; + + torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID"); + ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); + torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped"); + torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check"); + } else { + torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), + NT_STATUS_ACCESS_DENIED, "Get GUID"); + } + return true; +} + +struct torture_suite *torture_rpc_backupkey(TALLOC_CTX *mem_ctx) +{ + struct torture_rpc_tcase *tcase; + struct torture_suite *suite = torture_suite_create(mem_ctx, "BACKUPKEY"); + struct torture_test *test; + + tcase = torture_suite_add_rpc_iface_tcase(suite, "backupkey", + &ndr_table_backupkey); + + test = torture_rpc_tcase_add_test(tcase, "retreive_backup_key_guid", + test_RetreiveBackupKeyGUID); + test = torture_rpc_tcase_add_test(tcase, "restore_guid", + test_RestoreGUID); + test = torture_rpc_tcase_add_test(tcase, "restore_guid version 3", + test_RestoreGUID_v3); +/* We double the test in order to be sure that we don't mess stuff (ie. freeing static stuff */ + + test = torture_rpc_tcase_add_test(tcase, "restore_guid_2nd", + test_RestoreGUID); + + test = torture_rpc_tcase_add_test(tcase, "unable_to_decrypt_secret", + test_RestoreGUID_ko); + + test = torture_rpc_tcase_add_test(tcase, "wrong_user_restore_guid", + test_RestoreGUID_wronguser); + + test = torture_rpc_tcase_add_test(tcase, "wrong_version_restore_guid", + test_RestoreGUID_wrongversion); + + test = torture_rpc_tcase_add_test(tcase, "bad_magic_on_secret_restore_guid", + test_RestoreGUID_badmagiconsecret); + + test = torture_rpc_tcase_add_test(tcase, "bad_hash_on_secret_restore_guid", + test_RestoreGUID_badhashaccesscheck); + + test = torture_rpc_tcase_add_test(tcase, "bad_magic_on_accesscheck_restore_guid", + test_RestoreGUID_badmagicaccesscheck); + test = torture_rpc_tcase_add_test(tcase, "bad_cert_guid_restore_guid", + test_RestoreGUID_badcertguid); + test = torture_rpc_tcase_add_test(tcase, "empty_request_restore_guid", + test_RestoreGUID_emptyrequest); + test = torture_rpc_tcase_add_test(tcase, "empty_request_restore_guid", + test_RestoreGUID_emptyrequest); + + return suite; +} diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 8d7c51aff9..9a761fa048 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -490,6 +490,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_simple_test(suite, "ASYNCBIND", torture_async_bind); torture_suite_add_suite(suite, torture_rpc_ntsvcs(suite)); torture_suite_add_suite(suite, torture_rpc_bind(suite)); + torture_suite_add_suite(suite, torture_rpc_backupkey(suite)); suite->description = talloc_strdup(suite, "DCE/RPC protocol and interface tests"); diff --git a/source4/torture/wscript_build b/source4/torture/wscript_build index cbbfdabeb5..a0c493d882 100644 --- a/source4/torture/wscript_build +++ b/source4/torture/wscript_build @@ -40,11 +40,11 @@ bld.SAMBA_SUBSYSTEM('TORTURE_NDR', bld.SAMBA_MODULE('torture_rpc', - source='rpc/join.c rpc/lsa.c rpc/forest_trust.c rpc/lsa_lookup.c rpc/session_key.c rpc/echo.c rpc/dfs.c rpc/drsuapi.c rpc/drsuapi_cracknames.c rpc/dsgetinfo.c rpc/spoolss.c rpc/spoolss_notify.c rpc/spoolss_win.c rpc/spoolss_access.c rpc/unixinfo.c rpc/samr.c rpc/samr_accessmask.c rpc/wkssvc.c rpc/srvsvc.c rpc/svcctl.c rpc/atsvc.c rpc/eventlog.c rpc/epmapper.c rpc/winreg.c rpc/initshutdown.c rpc/oxidresolve.c rpc/remact.c rpc/mgmt.c rpc/scanner.c rpc/autoidl.c rpc/countcalls.c rpc/testjoin.c rpc/schannel.c rpc/netlogon.c rpc/remote_pac.c rpc/samlogon.c rpc/samsync.c rpc/multi_bind.c rpc/dssetup.c rpc/alter_context.c rpc/bench.c rpc/samba3rpc.c rpc/rpc.c rpc/async_bind.c rpc/handles.c rpc/frsapi.c rpc/object_uuid.c rpc/ntsvcs.c rpc/browser.c rpc/bind.c', + source='rpc/join.c rpc/lsa.c rpc/forest_trust.c rpc/lsa_lookup.c rpc/session_key.c rpc/echo.c rpc/dfs.c rpc/drsuapi.c rpc/drsuapi_cracknames.c rpc/dsgetinfo.c rpc/spoolss.c rpc/spoolss_notify.c rpc/spoolss_win.c rpc/spoolss_access.c rpc/unixinfo.c rpc/samr.c rpc/samr_accessmask.c rpc/wkssvc.c rpc/srvsvc.c rpc/svcctl.c rpc/atsvc.c rpc/eventlog.c rpc/epmapper.c rpc/winreg.c rpc/initshutdown.c rpc/oxidresolve.c rpc/remact.c rpc/mgmt.c rpc/scanner.c rpc/autoidl.c rpc/countcalls.c rpc/testjoin.c rpc/schannel.c rpc/netlogon.c rpc/remote_pac.c rpc/samlogon.c rpc/samsync.c rpc/multi_bind.c rpc/dssetup.c rpc/alter_context.c rpc/bench.c rpc/samba3rpc.c rpc/rpc.c rpc/async_bind.c rpc/handles.c rpc/frsapi.c rpc/object_uuid.c rpc/ntsvcs.c rpc/browser.c rpc/bind.c rpc/backupkey.c', autoproto='rpc/proto.h', subsystem='smbtorture', init_function='torture_rpc_init', - deps='NDR_TABLE RPC_NDR_UNIXINFO dcerpc_samr RPC_NDR_WINREG RPC_NDR_INITSHUTDOWN RPC_NDR_OXIDRESOLVER RPC_NDR_EVENTLOG RPC_NDR_ECHO RPC_NDR_SVCCTL RPC_NDR_NETLOGON dcerpc_atsvc RPC_NDR_DRSUAPI RPC_NDR_LSA RPC_NDR_EPMAPPER RPC_NDR_DFS RPC_NDR_FRSAPI RPC_NDR_SPOOLSS RPC_NDR_SRVSVC RPC_NDR_WKSSVC RPC_NDR_ROT RPC_NDR_DSSETUP RPC_NDR_REMACT RPC_NDR_OXIDRESOLVER RPC_NDR_NTSVCS WB_HELPER LIBSAMBA-NET LIBCLI_AUTH POPT_CREDENTIALS TORTURE_LDAP TORTURE_UTIL TORTURE_RAP dcerpc_server service process_model ntvfs SERVICE_SMB RPC_NDR_BROWSER LIBCLI_DRSUAPI TORTURE_LDB_MODULE TORTURE_DFS', + deps='NDR_TABLE RPC_NDR_UNIXINFO dcerpc_samr RPC_NDR_WINREG RPC_NDR_INITSHUTDOWN RPC_NDR_OXIDRESOLVER RPC_NDR_EVENTLOG RPC_NDR_ECHO RPC_NDR_SVCCTL RPC_NDR_NETLOGON dcerpc_atsvc RPC_NDR_DRSUAPI RPC_NDR_LSA RPC_NDR_EPMAPPER RPC_NDR_DFS RPC_NDR_FRSAPI RPC_NDR_SPOOLSS RPC_NDR_SRVSVC RPC_NDR_WKSSVC RPC_NDR_ROT RPC_NDR_DSSETUP RPC_NDR_REMACT RPC_NDR_OXIDRESOLVER RPC_NDR_NTSVCS WB_HELPER LIBSAMBA-NET LIBCLI_AUTH POPT_CREDENTIALS TORTURE_LDAP TORTURE_UTIL TORTURE_RAP dcerpc_server service process_model ntvfs SERVICE_SMB RPC_NDR_BROWSER LIBCLI_DRSUAPI TORTURE_LDB_MODULE TORTURE_DFS RPC_NDR_BACKUPKEY', internal_module=True )